Ask Your Question
0

what's role for service user on keystone?

asked 2017-07-05 03:22:22 -0600

inki-hwang gravatar image

Hi, I have a question about keystone. In keystone tutorial, if other services(glance, nova..) was added into keystone, keystone add service user having same service name. Then, assigned admin role in service project. What's role for this service user?

I think that admin or demo user need to know service endpoint, but don't need service user. Thx!

edit retag flag offensive close merge delete

Comments

did you read the help text from: keystone-manage bootstrap --help ? The keystone user and its role are passed as parameters to this command.

mlschuler gravatar imagemlschuler ( 2017-07-06 09:43:46 -0600 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2017-07-06 23:07:27 -0600

Bernd Bausch gravatar image

The various parts of an OpenStack cloud (Nova, Glance, ...) communicate with each other via API. To use each other's APIs, they need to authenticate with keystone. For authentication, they need an identity - user, password, project, domain. By convention, the domain is Default, the project is service, the user is the name of the OpenStack component.

They need the admin role to do things a normal user can't, in particular accessing other users' resources.

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2017-07-05 03:22:22 -0600

Seen: 48 times

Last updated: Jul 06 '17

Related questions

Keep getting "The service catalog is empty."

Devstack installation failure

user-role-add failed [ldap backend]

Select a specific identity endpoint

Does Neutron provide an application layer firewall?

Keystone port 5000 used by Python

No handlers could be found for logger "oslo_config.cfg"

How to create a keystone extension? [closed]

where can i see the password of openstack ?

swift [Errno 111] Connection refused [closed]